Atlassian Jira Vulnerability - CVE-2012-2926

Atlassian JIRA before 5.0.1 Confluence before 3.5.16 4.0 before 4.0.7 and 4.1 before 4.1.10 FishEye and Crucible before 2.5.8 2.6 before 2.6.8 and 2.7 before 2.7.12 Bamboo before 3.3.4 and 3.4.x before 3.4.5 and Crowd before 2.0.9 2.1 before 2.1.2 2.2 before 2.2.9 2.3 before 2.3.7 and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.